Collections

The collection management API allows globus users to manage guest collections and administrators to manage mapped collections.

A mapped collection is a collection that maps the Globus Auth identity of the user accessing the collection to a local account in the Storage Gateway’s user space. Mapped collections can only be created by those with an administrator role on the Endpoint.

A guest collection is a collection that uses the collection creator’s credentials to access the Storage Gateway data interface. ACLs may be added to a Guest Collection by using the Globus Transfer API.

Operations on Mapped Collections require an administrator role.

Collections Overview

Method	API Path	Description
`POST`	/api/collections/batch_delete	Delete multiple guest collections
`GET`	/api/collections	List the collections on this endpoint
`POST`	/api/collections	Create a collection
`PUT`	/api/collections/{collection_id}/owner_string	Set advertised owner of collection
`DELETE`	/api/collections/{collection_id}/owner_string	Reset advertised owner of collection
`GET`	/api/collections/{collection_id}	Get information about a collection
`PATCH`	/api/collections/{collection_id}	Update a collection
`PUT`	/api/collections/{collection_id}	Update a collection
`DELETE`	/api/collections/{collection_id}	Delete a collection

Details

Delete multiple guest collections

POST /api/collections/batch_delete

Initiate the deletion of multiple guest collections. The input document contains a list of the IDs of collections to delete.

If any of the collections have collection_type of "mapped", then this operation returns an error indicating which ones were not valid or this operation.

If any of the collections do not exist or are already deleted, then they are silently ignored.

Deletion does not happen immediately; it is handled in the background by the GCS Manager Assistant process.

On success, this operation returns a message body containing the list of collections from the input that this GCS manager node will delete.

Authorization

RoleAuthorizer:
- endpoint:owner
- endpoint:administrator

Request body

Content-Type: application/json

The Batch data type is used to specify multiple objects to operate on via a single REST API call.

Name	Type	Description
DATA_TYPE	string `batch#1.0.0`	Type of this document
ids	array of string <uuid>	List of object IDs to operate on

Example

{
  "DATA_TYPE": "batch#1.0.0",
  "ids": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

Responses

202 - Delete multiple collections response

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `success`	String response code
data	array of object Batch
detail	any type
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "batch#1.0.0",
      "ids": [
        "497f6eca-6276-4993-bfeb-53cbbbba6f08"
      ]
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

400 - Bad Request

401 - Unauthorized

403 - Permission denied

Content-Type: application/json

One of the following schemas:

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `permission_denied`	String response code
data	array of object
detail	string or MissingRequiredRole
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer `403`	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `permission_denied`	String response code
data	array of object
detail	string or Batch
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer `403`	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

415 - Unsupported media type

422 - Unprocessable entity

Details

List the collections on this endpoint

GET /api/collections

This operation requires either the endpoint to have the public property set to true or the caller to have a role that allows viewing this Collection.

The result of this can be limited by using the filter query parameter to choose which of the visible collections to return. This is a comma-separated list of filters to apply to the result set:

mapped_collections: Only collections with collection_type equal to mapped.
guest_collections: Only collections with collection_type equal to guest.
managed_by_me: Only collections where one of caller's identities (either directly or via a group role assignment) is granted a role on the collection.
created_by_me: Only collections where one of the caller's identities matches the `identity_id` property of the collection.
last_access < YYYY-MM-DD
last_access <= YYYY-MM-DD
last_access <= YYYY-MM-DD
last_access = YYYY-MM-DD
last_access >= YYYY-MM-DD
last_access < YYYY-MM-DD: Only collections accessed before or after the given date
created_at < YYYY-MM-DD
created_at <= YYYY-MM-DD
created_at <= YYYY-MM-DD
created_at = YYYY-MM-DD
created_at >= YYYY-MM-DD
created_at < YYYY-MM-DD: Only collections created before or after the given date

The result can also be limited by including the mapped_collection_id query parameter. This limits the response to guest collections which have been created using the specified mapped collection.

Normally, only public collection configuration policy data is included in the response. If the query parameter include=private_policies is passed to this API, and the caller has an administrator role on this collection, the response will include all private policies for the collection as well.

Authorization

PublicAuthorizer
RoleAuthorizer:
- endpoint:owner
- endpoint:administrator
- endpoint:activity_manager
- endpoint:activity_monitor
- collection:administrator:{collection_id}
- collection:activity_manager:{collection_id}
- collection:activity_monitor:{collection_id}
- collection:access_manager:{collection_id}
- collection:administrator:{mapped_collection_id}
- collection:activity_manager:{mapped_collection_id}
StorageGatewayAuthorizer
- {storage_gateway_id}

Query Parameters

Parameter	Type	Description
page_size	integer <int>	Maximum page size for a paginated response
marker	string	Pagination marker for a paginated response
include	array of string `private_policies`	Document values to include
filter	array of string `^\s(mapped_collections\|guest_collections\|managed_by_me\|created_by_me\|created_at\s([<>]=?\|=)\s(\d{4}-\d{2}-\d{2})\|last_access\s([<>]=?\|=)\s(\d{4}-\d{2}-\d{2}))\s$`	Filter to apply to the return set
mapped_collection_id	string <uuid>	Filter collections which were created using this mapped_collection_id

Responses

200 - List collections response

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `success`	String response code
data	array of object Collection
detail	any type
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "collection#1.0.0",
      "allow_guest_collections": true,
      "authentication_timeout_mins": 0,
      "collection_base_path": "string",
      "collection_type": "mapped",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "contact_email": "string",
      "contact_info": "string",
      "default_directory": "string",
      "deleted": true,
      "department": "string",
      "description": "string",
      "disable_verify": true,
      "display_name": "string",
      "domain_name": "string",
      "force_encryption": true,
      "high_assurance": true,
      "https_url": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "manager_url": "string",
      "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
      "organization": "string",
      "policies": {
        "DATA_TYPE": "s3_collection_policies#1.0.0"
      },
      "public": true,
      "root_path": "string",
      "sharing_restrict_paths": {},
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "tlsftp_url": "string",
      "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

401 - Unauthorized

403 - Permission denied

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `permission_denied`	String response code
data	array of object
detail	any type
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer `403`	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "code": "string",
  "http_response_code": 100,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

404 - Not found

Create a collection

POST /api/collections

This is used to create either a mapped or a guest collection. When created, a "collection:administrator" role for that collection will be created using the caller’s identity.

The collection is assigned a unique DNS name. For guest collections, this DNS name begins with "g-". By default, for mapped collections this name begins with "m-", but a user with an "endpoint:administrator" role may assign a custom domain name for a mapped collection.

In order to create a guest collection, the caller must have an identity that matches the Storage Gateway policies.

In order to create a mapped collection, the caller must have an "endpoint:administrator" or "endpoint:owner" role.

Authorization

RoleAuthorizer:
- endpoint:administrator
- endpoint:owner
StorageGatewayAuthorizer
- {storage_gateway_id}

Request body

Content-Type: application/json

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus web app when users visit the collection.

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable ACLs that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection ACLs.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted.

Version 1.9.0 adds the read-only last_access and created_at properties.

One of the following schemas:

Name	Type	Description
DATA_TYPE	string `collection#1.3.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name	Type	Description
DATA_TYPE	string `collection#1.4.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name	Type	Description
DATA_TYPE	string `collection#1.5.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection an allow anonymous write ACLs or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name	Type	Description
DATA_TYPE	string `collection#1.6.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection an allow anonymous write ACLs or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before ACLs are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name	Type	Description
DATA_TYPE	string `collection#1.7.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection an allow anonymous write ACLs or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before ACLs are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name	Type	Description
DATA_TYPE	string `collection#1.8.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
delete_protected	boolean	If set to true, this collection can not be deleted. This property is available only on mapped collections.
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection an allow anonymous write ACLs or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before ACLs are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Name	Type	Description
DATA_TYPE	string `collection#1.9.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for this collection. This is visible to end users so that they may contact your organization for support.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address. This is visible to end users for support.
created_at	string <date>	Date on which this collection was created
default_directory	string `^(/\|\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
delete_protected	boolean	If set to true, this collection can not be deleted. This property is available only on mapped collections.
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection an allow anonymous write ACLs or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before ACLs are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
last_access	string <date>	Date on which this collection was last accessed
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	S3CollectionPolicies_1_0_0 or AzureBlobCollectionPolicies_1_0_0 or BlackPearlCollectionPolicies_1_0_0 or BoxCollectionPolicies_1_0_0 or CephCollectionPolicies_1_0_0 or GoogleCloudStorageCollectionPolicies_1_0_0 or GoogleDriveCollectionPolicies_1_0_0 or HPSSCollectionPolicies_1_0_0 or IrodsCollectionPolicies_1_0_0 or OneDriveCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_0_0 or PosixCollectionPolicies_1_1_0 or PosixStagingCollectionPolicies_1_0_0	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

Example

{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "s3_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

Responses

201 - Create collections response

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `success`	String response code
data	array of object Collection
detail	any type
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "collection#1.0.0",
      "allow_guest_collections": true,
      "authentication_timeout_mins": 0,
      "collection_base_path": "string",
      "collection_type": "mapped",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "contact_email": "string",
      "contact_info": "string",
      "default_directory": "string",
      "deleted": true,
      "department": "string",
      "description": "string",
      "disable_verify": true,
      "display_name": "string",
      "domain_name": "string",
      "force_encryption": true,
      "high_assurance": true,
      "https_url": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "manager_url": "string",
      "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
      "organization": "string",
      "policies": {
        "DATA_TYPE": "s3_collection_policies#1.0.0"
      },
      "public": true,
      "root_path": "string",
      "sharing_restrict_paths": {},
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "tlsftp_url": "string",
      "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

400 - Bad Request

401 - Unauthorized

403 - Permission denied

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `permission_denied`	String response code
data	array of object
detail	string or AuthenticationTimeout or CredentialNotFound or IdNotInIdentitySet or InvalidCredential or InvalidUser or MissingRequiredRole or NotFromAllowedDomain or SubscriptionRequired
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer `403`	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

409 - Conflict

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `conflict`	String response code
data	array of object
detail	string or ResourceConflict
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer `409`	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

415 - Unsupported media type

422 - Unprocessable entity

Details

Set advertised owner of collection

PUT /api/collections/{collection_id}/owner_string

Update the advertised owner string of the collection

Modify the collection’s advertised owner to match the username of one of the caller’s linked identities. The identity must have an administrator role on the collection.

Authorization

RoleAuthorizer:
- endpoint:owner
- collection:administrator:{collection_id}

Path parameters

▷ collection_id

Id of the collection

Parameter	Type	Description
collection_id (required)	string <uuid>	Id of the collection

Request body

Content-Type: application/json

Owner string document

Name	Type	Description
DATA_TYPE	string `owner_string#1.0.0`	Type of this document
identity_id	string <uuid>	Globus Auth Identity id

Example

{
  "DATA_TYPE": "owner_string#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

Responses

200 - Set collection owner string response

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string	String response code
data	array of object
detail	any type
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

400 - Bad Request

401 - Unauthorized

403 - Permission denied

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `permission_denied`	String response code
data	array of object
detail	string or MissingRequiredRole
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer `403`	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

404 - Not found

415 - Unsupported media type

422 - Unprocessable entity

Reset advertised owner of collection

DELETE /api/collections/{collection_id}/owner_string

Reset the advertised owner string of the collection to the endpoint’s client_id.

Authorization

RoleAuthorizer:
- collection:administrator:{collection_id}
- endpoint:administrator
- endpoint:owner

Path parameters

▷ collection_id

Id of the collection

Parameter	Type	Description
collection_id (required)	string <uuid>	Id of the collection

Responses

200 - Delete collection owner string response

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string	String response code
data	array of object
detail	any type
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

401 - Unauthorized

403 - Permission denied

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `permission_denied`	String response code
data	array of object
detail	string or MissingRequiredRole
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer `403`	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "code": "string",
  "http_response_code": 100,
  "detail": null,
  "DATA_TYPE": "result#1.0.0",
  "data": [
    {}
  ],
  "has_next_page": false,
  "marker": "string",
  "message": "string"
}

404 - Not found

Details

Get information about a collection

GET /api/collections/{collection_id}

This operation requires either the endpoint to have the public property set to true or the caller to have a role that allows viewing this Endpoint. Some property visibility is limited for users who do not have an administrator role.

Authorization

PublicAuthorizer
RoleAuthorizer:
- endpoint:owner
- endpoint:administrator
- endpoint:activity_manager
- endpoint:activity_monitor
- collection:administrator:{collection_id}
- collection:activity_manager:{collection_id}
- collection:activity_monitor:{collection_id}
- collection:access_manager:{collection_id}
- collection:administrator:{mapped_collection_id}
- collection:activity_manager:{mapped_collection_id}
StorageGatewayAuthorizer
- {storage_gateway_id}

Path parameters

▷ collection_id

Id of the collection

Parameter	Type	Description
collection_id (required)	string <uuid>	Id of the collection

Query Parameters

Parameter	Type	Description
include	array of string `private_policies`	Document values to include

Responses

200 - List collections response

Content-Type: application/json

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string `success`	String response code
data	array of object Collection
detail	any type
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "code": "string",
  "data": [
    {
      "DATA_TYPE": "collection#1.0.0",
      "allow_guest_collections": true,
      "authentication_timeout_mins": 0,
      "collection_base_path": "string",
      "collection_type": "mapped",
      "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
      "contact_email": "string",
      "contact_info": "string",
      "default_directory": "string",
      "deleted": true,
      "department": "string",
      "description": "string",
      "disable_verify": true,
      "display_name": "string",
      "domain_name": "string",
      "force_encryption": true,
      "high_assurance": true,
      "https_url": "string",
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "info_link": "string",
      "keywords": [
        "string"
      ],
      "manager_url": "string",
      "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
      "organization": "string",
      "policies": {
        "DATA_TYPE": "s3_collection_policies#1.0.0"
      },
      "public": true,
      "root_path": "string",
      "sharing_restrict_paths": {},
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "tlsftp_url": "string",
      "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
    }
  ],
  "DATA_TYPE": "result#1.0.0",
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

401 - Unauthorized

404 - Not found

Update a collection

PATCH /api/collections/{collection_id}

Updates a collection, changing only the properties included in the input document. It optionally returns a document containing the document after the change is applied. Items explicitly set to null in the input are removed from the collection document.

Authorization

RoleAuthorizer:
- endpoint:owner
- endpoint:administrator
- collection:administrator:{collection_id}
- collection:administrator:{mapped_collection_id}

Path parameters

▷ collection_id

Id of the collection

Parameter	Type	Description
collection_id (required)	string <uuid>	Id of the collection